Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-36103

    Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 10, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2024-47159

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 7.8

    HIGH
    CVE-2024-31960

    An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 24, 2024

  • 5.3

    MEDIUM
    CVE-2024-47160

    In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 5.3

    MEDIUM
    CVE-2024-47162

    In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-8146

    A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The ... Read more

    • Published: Aug. 25, 2024
    • Modified: Sep. 24, 2024

  • 6.4

    MEDIUM
    CVE-2024-4283

    An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAut... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-45395

    sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the ... Read more

    Affected Products : sigstore-go
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2024-6685

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2024
    • Modified: Sep. 24, 2024

  • 6.1

    MEDIUM
    CVE-2024-45399

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability durin... Read more

    Affected Products : indico
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024

  • 6.7

    MEDIUM
    CVE-2022-27592

    An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have alread... Read more

    Affected Products : qvr_smart_client
    • Published: Sep. 06, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-43978

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.... Read more

    Affected Products : super_store_finder
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.2

    HIGH
    CVE-2023-39300

    An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: Q... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-43976

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.... Read more

    Affected Products : super_store_finder
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 8.8

    HIGH
    CVE-2024-9001

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. Th... Read more

    Affected Products : t10_firmware t10
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-46793

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-8287

    Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before th... Read more

    Affected Products : anbox_cloud
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 8.3

    HIGH
    CVE-2022-25776

    Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.... Read more

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 8.1

    HIGH
    CVE-2024-8947

    A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The com... Read more

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.5

    HIGH
    CVE-2024-8946

    A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible... Read more

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024
Showing 20 of 291058 Results